CLAIMS 

What is claimed is: 



1. A method for implementing management policies on a network using topology reduction, the network including at least a first domain having a plurality of network elements, the method comprising:
  determining a communication path passing through the first domain of the network that characterizes the first domain as a node, the communication path being characterized to pass communications without information loss; and
  implementing a management policy for the network using the communication path.

2. The method of claim 1, wherein implementing a management policy includes implementing a firewall configuration on the communication path.

3. The method of claim 1, wherein determining a communication path passing through the first domain includes identifying a second domain for a source element of a communication that uses the communication path, and identifying a third domain for a destination element for the communication, the second and third domain each including a plurality of network elements.

4. The method of claim 1, wherein determining a communication path passing through the first domain includes:
  identifying a second domain for a source element of a communication that uses the communication path, the second domain including a plurality of network elements;
  identifying a third domain for a destination element for the communication, the third domain including a plurality of network elements; and
  characterizing a portion of the communication path within the second domain as a distance between the source element and an interface to the second domain, the portion of the communication path within the second domain being characterized without information loss.

5. The method of claim 1, wherein determining a communication path passing through the first domain includes:
  identifying a second domain for a source element of a communication that uses the communication path, the second domain including a plurality of network elements;
  identifying a third domain for a destination element for the communication, the third domain including a plurality of network elements;
  characterizing a portion of the communication path within the second domain as a distance between the source element and an interface to the second domain, the portion of the communication path within the second domain being characterized without information loss; and
  characterizing a portion of the communication path within the third domain as a distance between the destination element and an interface to the third domain, the portion of the communication path within the third domain being characterized without information loss.



50325-0554 (4005) 




6. The method of claim 1, wherein determining a communication path passing through the first domain includes identifying a second domain containing a source element and a destination element, a communication from the source element being signaled from the second domain to the first domain before being signaled to the destination element in the second domain.

7. The method of claim 1, wherein determining a communication path passing through the first domain includes:
  identifying a second domain for a source element of a communication that uses the communication path, the second domain including a plurality of network elements;
  identifying a third domain for a destination element for the communication, the third domain including a plurality of network elements;
  characterizing a portion of the communication path within the second domain as a distance between the source element and an interface to the second domain, the portion of the communication path within the second domain being characterized without information loss;
  characterizing a portion of the communication path within the third domain as a distance between the destination element and an interface to the third domain, the portion of the communication path within the third domain being characterized without information loss; and
  characterizing a portion of the communication path passing through the first domain as a distance between the second domain and the third domain.

8. A method for implementing management policies on a network using a policy server, the method comprising:
  identifying a plurality of domains in the network, the plurality of domains each including a plurality of network elements;
  identifying a first domain in the plurality of domains having a cloudification characteristic, the first domain having at least a first management component and a corresponding interface that forms an edge to the first domain; and
  characterizing at least a first communication path for communications having an end element within the first domain as being a distance between the corresponding interface to the first domain and the end element, the first communication path passing communications without information loss.

9. The method of claim 8, further comprising implementing a management policy using the first communication path.

10. The method of claim 8, further comprising storing the first communication path as a data structure defining the distance between the corresponding interface to the first domain and the end element.

11. The method of claim 8, wherein identifying a plurality of domains in the network includes identifying a plurality of management components, each management component having a corresponding interface and forming an edge for at least one domain.

12. The method of claim 8, wherein identifying a plurality of domains in the network includes identifying a plurality of network elements that are interconnected between one or more interfaces of management components.

13. The method of claim 8, wherein identifying a plurality of domains in the network includes identifying a plurality of firewall components, each firewall component having a corresponding interface and forming an edge for at least one domain.

14. The method of claim 8, wherein identifying a first domain in the plurality of domains having a cloudification characteristic includes determining that the first management component has only one interface to the first domain.

15. The method of claim 8, wherein identifying a first domain in the plurality of domains having a cloudification characteristic includes determining that each management component for the first domain has multiple interfaces to the first domain, wherein each of the multiple interfaces are configured to forward communications received from a network element within the first domain to another element or interface that is exterior to the first domain.

16. The method of claim 10, wherein identifying a first domain in the plurality of domains having a cloudification characteristic includes determining that the first domain has only one or two corresponding interfaces that form edges for that domain.

17. A method for implementing management policies on a network using a policy server, the method comprising:
  identifying a plurality of domains in the network, each of the plurality of domains having at least one network element;
  identifying a plurality of cloudified domains from the plurality of domains, each cloudified domain being bounded by a management component and at least one interface for the management component;
  identifying a source element and a destination element for a communication; and
  defining a plurality of communication paths passing within a first cloudified domain in the plurality of cloudified domains, each of the plurality of communication paths characterizing the first cloudified domain as a distance between an interface to the first domain and an end point element, the end point element characterizing at least one of the source element and the destination element, each of the plurality of communication paths passing communications within the first cloudified domain without information loss, and

18. The method of claim 17, further comprising implementing a management policy using one of the communication paths.

19. The method of claim 17, further comprising selecting a communication path from the plurality of communication paths, and implementing a management policy using the selected communication path.

20. The method of claim 17, wherein defining the plurality of communication paths includes characterizing one or more of the communication paths as a data structure that defines a distance between a network element of that domain and an interface to the management component of that domain.

21. The method of claim 17, wherein defining the plurality of communication paths includes:
  characterizing one or more of the communication paths as a first data structure that defines a distance between each network element of that domain and an interface to the management component of that domain; and
  characterizing the one or more communication paths as a second data structure that defines a distance between two or more interfaces that bound that domain.

22. The method of claim 17, wherein identifying at least a first path in the plurality of communication paths includes characterizing the communication passing through a second cloudified domain in the plurality of domains as a node.

23. The method of claim 16, wherein identifying at least a first path in the plurality of communication paths includes:
  characterizing the communication passing through a second cloudified domain in the plurality of domains as a node; and
  characterizing the communication passing through a third cloudified domain in the plurality of domains as a second distance between an interface to the third cloudified domain and an end point element within the third cloudified domain.

24. A method for implementing management policies using a policy server that is communicatively coupled to one or more managed devices in a network, the method comprising:
  identifying a plurality of domains in the network, each of the plurality of domains having at least one network element;
  identifying a plurality of cloudified domains from the plurality of domains, each cloudified domain being bounded by one or more management components and at least one interface for each of the one or more management components;
  determining a first data structure for each of the plurality of cloudified domains, the first data structure including a data element that specifies a distance between each network element in that cloudified domain and the at least one interface for the one or more management component that bound that cloudified domain;
  determining a second data structure for each of the cloudified domains, the second data structure including a data element that specifies a distance between each of the interfaces of the one or more management components that bound the cloudified domain; and
  storing the first data structure and the second data structure.

25. The method of claim 24, further comprising accessing the first data structure and the second data structure to determine a first path for passing communications without information loss within at least one of the cloudified domains.

26. The method of claim 24, further comprising determining a plurality of paths for passing communications without information loss within the at least one of the cloudified domains using the first data structure and the second data structure, and selecting a first path from the plurality of paths.

27. The method of claim 24, further comprising accessing the first data structure and the second data structure to determine a plurality of paths for passing communications without information loss within the at least one of the cloudified domains, and selecting a first path from the plurality of paths having a smallest distance for passing the communications.

28. A computer readable medium for implementing a management policy on a network, the computer readable medium carrying instructions for performing the steps of:
  identifying a plurality of domains in the network, each of the plurality of domains having at least one network element;
  identifying a plurality of cloudified domains from the plurality of domains, each cloudified domain being bounded by one or more management components and at least one interface for each of the one or more management components;
  determining a first data structure for each of the plurality of cloudified domains, the first data structure including a data element that specifies a distance between each network element in that cloudified domain and the at least one interface for the one or more management component that bound that cloudified domain;
  determining a second data structure for each of the cloudified domains, the second data structure including a data element that specifies a distance between each of the interfaces of the one or more management components that bound the cloudified domain; and
  storing the first data structure and the second data structure.



29. The computer readable medium of claim 28, further comprising instructions for accessing the first data structure and the second data structure to determine a first path for passing communications without information loss within at least one of the cloudified domains.

30. The computer readable medium of claim 28, further comprising instructions for determining a plurality of paths for passing communications without information loss within the at least one of the cloudified domains using the first data structure and the second data structure, and selecting a first path from the plurality of paths.

31. The computer readable medium of claim 28, further comprising instructions for accessing the first data structure and the second data structure to determine a plurality of paths for passing communications without information loss within the at least one of the cloudified domains, and selecting a first path from the plurality of paths having a smallest distance for passing the communications.



32. A computer system to implement management policies on a network using topology reduction, the network including at least a first domain having a plurality of network elements, the computer system comprising:
  means for determining a communication path passing through the first domain of the network that characterizes the first domain as a node, the communication path being characterized to pass communications without information loss; and
  means for implementing a management policy for the network using the communication path.

33. A policy server communicatively coupled to one or more managed devices in a network to implement a management policy using topology reduction, the policy server comprising:
  a processor configured to:
    identify a plurality of domains in the network, the plurality of domains each including a plurality of network elements;
    identify a first domain in the plurality of domains having a cloudification characteristic, the first domain having at least a first management component and a corresponding interface that forms an edge to the first domain; and
    characterize at least a first communication path for communications having an end element within the first domain as being a distance between the corresponding interface to the first domain and the end element, the first communication path passing communications without information loss.
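
The following is an added illustration, not part of the claims or of any implementation described by the applicant. It shows one way to read the two data structures of claims 24 to 27 (element-to-interface distances and interface-to-interface distances per cloudified domain) and the smallest-distance path selection of claim 27, on a constructed three-domain topology; the interface naming scheme, the hop-count metric and the cost of crossing a management component are assumptions.

```python
import heapq

# Constructed topology (hop counts); interface names "<component>.<domain>" are hypothetical.
# First data structure: per domain, element -> {bounding interface: distance}.
ELEM_DIST = {"A": {"hostA": {"fw1.a": 2, "fw3.a": 6}},
             "B": {"hostB": {"fw1.b": 1, "fw2.b": 2}},
             "C": {"hostC": {"fw2.c": 1, "fw3.c": 7}}}
# Second data structure: per domain, distance between its bounding interfaces.
IFACE_DIST = {"A": {("fw1.a", "fw3.a"): 4},
              "B": {("fw1.b", "fw2.b"): 3},
              "C": {("fw2.c", "fw3.c"): 5}}
CROSS_COST = 1  # assumption: traversing a management component costs one hop

def reduced_graph(src, dst):
    """Graph of interfaces plus the two end elements; domain interiors are gone."""
    g, ifaces = {}, set()
    def link(u, v, w):
        g.setdefault(u, []).append((v, w))
        g.setdefault(v, []).append((u, w))
    for table in ELEM_DIST.values():
        for elem, dists in table.items():
            ifaces.update(dists)
            if elem in (src, dst):
                for iface, d in dists.items():
                    link(elem, iface, d)
    for table in IFACE_DIST.values():
        for (a, b), d in table.items():
            link(a, b, d)  # a transit domain collapses to this single edge
    for a in ifaces:
        for b in ifaces:  # the two interfaces of one management component
            if a < b and a.split(".")[0] == b.split(".")[0]:
                link(a, b, CROSS_COST)
    return g

def smallest_path(src, dst):
    """Dijkstra over the reduced graph; returns (distance, path) or None."""
    g, heap, seen = reduced_graph(src, dst), [(0, [src])], set()
    while heap:
        dist, path = heapq.heappop(heap)
        if path[-1] == dst:
            return dist, path
        if path[-1] in seen:
            continue
        seen.add(path[-1])
        for nxt, w in g.get(path[-1], []):
            if nxt not in seen:
                heapq.heappush(heap, (dist + w, path + [nxt]))
    return None

def policy_points(path):
    """Management components crossed, in order: where a firewall policy applies."""
    return list(dict.fromkeys(i.split(".")[0] for i in path[1:-1]))
```

In this sketch the transit domain B never contributes its internal elements to the search; it appears only as the edge between `fw1.b` and `fw2.b`, which is the reduction the claims describe as treating a domain as a node or a distance.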